002e6f3e348d68b0b3d25cc049d9fe5fbab999d34b17e9b9555674495b9558b1 | Triage

Sharing

General

Target

002e6f3e348d68b0b3d25cc049d9fe5fbab999d34b17e9b9555674495b9558b1
Size

17KB
Sample

221123-wm852acd98
MD5

f71e923ec3ec84a16013a8c2af859e8c
SHA1

ab65a2ce41ff99a65cba1ec492a70bf1a8b4dbb2
SHA256

002e6f3e348d68b0b3d25cc049d9fe5fbab999d34b17e9b9555674495b9558b1
SHA512

02b8f83d0e6718dd270b2650e00528be66e74849b94cf39aaf9a9bf6328b53cd3e48c8e6e451d790a7f0ad4e36fc6dc6c2961560b7673c776c5f6975c65dad71
SSDEEP

384:8sAYqlkLwtllwHea9jSArBXrSDfABnvsChB5Ebt11ABPa8e:8nkLyOHeakYX3BBwt11yat

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  Hacker-fb. vs2.exe
- Size
  
  43KB
- MD5
  
  7b85666aa59bad04d4b9a90fae28d15d
- SHA1
  
  852d7faccedfd547667c53821ffa8b888999532e
- SHA256
  
  a7a4e97b3a009fb89b9f62da413e1eaed7048b8855a9237534572ffb46ef1be0
- SHA512
  
  bd16091d5e8bf609783bdbcdd924ea4e0cc7be15cade12a125a3f2e511edf79da55bc388e02fb19e001c4bf2f4c3eae234ca595ef30174e4bbf27181eaf70970
- SSDEEP
  
  768:h3TnION+ONNqnY+8Owda/UDgbVGUJxwH:5nDbSUDgp3wH
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence